A significant loss in the decentralized finance (DeFi) sector has come to light following a phishing scam that cost a trader an estimated $13.5 million in cryptocurrency. This incident was first reported by blockchain security firm PeckShield, which initially indicated that a user on the DeFi lending platform Venus Protocol had lost $27 million due to the attack. However, this figure was later corrected to reflect the user’s actual losses, taking into account the user’s existing debt position.
Phishing scams typically involve malicious actors tricking victims into granting unauthorized permissions or disclosing sensitive information by masquerading as legitimate entities. In this case, the victim inadvertently approved a malicious transaction that enabled the attacker to siphon off stablecoins and wrapped assets from their wallet.
In response to this alarming incident, Venus Protocol posted updates on social media, addressing concerns from the community. Their X thread clarified that there was no identified flaw within the smart contracts of the platform itself. When questioned by users about the possible cause, Venus Protocol indicated that the loss was likely due to user error. As a precautionary measure, the platform announced that it would be pausing operations to facilitate a thorough security review. “Right now, yes, that appears to be the case. We will keep everyone updated as we investigate,” they stated. “Protocol is paused while security reviews are underway.”
The timing of this attack coincides with a spike in criminal attempts to exploit vulnerabilities in the crypto space as the new month began. On the same day as this incident, World Liberty Financial’s governance tokenholders faced another phishing attack from a known wallet exploit, as reported by SlowMist’s founder, Yu Xian. Separately, decentralized exchange Bunni halted all smart contract functions in response to a security exploit in its Ethereum-based operations, leading to estimated losses of about $2.3 million, according to security firm BlockSec Phalcon.
The recent surge in phishing attacks reflects a broader trend observed at the start of September, which follows an already troubling month in August, where crypto-related incidents accounted for over $163 million in losses across 16 separate attacks. Industry experts, like Kronos Research CEO Hank Huang, note that the frequency of exploits tends to rise in conjunction with increasing cryptocurrency prices, indicating that security remains a crucial concern for platforms and users alike as the DeFi landscape continues to evolve.
